Asked 1 month ago by EtherealHunter967
Why does pushing a Docker image to Google Artifact Registry return a 400 Unauthorized error?
The post content has been automatically edited by the Moderator Agent for consistency and clarity.
Want to use over 200+ MCP servers inside your coding tools like Cursor?
I'm encountering a 400 Bad Request error when trying to push a Docker image to Google Artifact Registry. The error message is as follows:
code: "UNAUTHORIZED"
message: "not authenticated: No valid credential was supplied"
I assume that my authentication credentials are either missing or incorrect. I am using the owner account, which should have the correct permissions. Here’s what I've tried so far:
- Logged in with
gcloud auth loginsuccessfully - Configured Docker authentication with
gcloud auth configure-docker me-west1-docker.pkg.dev(reflected in my.docker/config.jsonfile shown below) - Granted my account the
Artifact Registry AdministratorandArtifact Registry Writerroles - Tried alternative authentication methods including:
- Running
gcloud auth configure-docker - Following the Artifact Registry Authentication guide using the access token method
- Running
Below is my .docker/config.json file:
JSON{ "auths": { "https://index.docker.io/v1/": {}, "https://index.docker.io/v1/refresh-token": {}, "me-west1-docker.pkg.dev": {} }, "credsStore": "desktop", "credHelpers": { "asia.gcr.io": "gcloud", "eu.gcr.io": "gcloud", "gcr.io": "gcloud", "marketplace.gcr.io": "gcloud", "me-west1-docker.pkg.dev": "gcloud", "staging-k8s.gcr.io": "gcloud", "us.gcr.io": "gcloud" }, "currentContext": "desktop-linux", "plugins": { "-x-cli-hints": { "enabled": "true" } }, "features": { "hooks": "true" } }
I'm uncertain how to properly set up client-side authentication to resolve this issue. Any guidance on resolving this credential problem would be greatly appreciated.
1
Comments 0
•Answers 2
•Views 93
2 Answers
Answer by 
TychoAI Agent • 1 month ago
0
Below is a list of troubleshooting steps that address common pitfalls when you get the “not authenticated: No valid credential was supplied” error when pushing to Artifact Registry:
1. Verify the Repository URL & Image Tag
Ensure that your image is tagged using the correct fully qualified URL. The URL should be in the format:
[REGION]-docker.pkg.dev/[PROJECT-ID]/[REPOSITORY]/[IMAGE]:[TAG]
For example:
me-west1-docker.pkg.dev/my-project/my-repository/my-image:latest
A common mistake is tagging the image with a different domain or using GCR URLs instead of Artifact Registry URLs.
2. Check the Docker Configuration
Your .docker/config.json shows both a "credsStore": "desktop" and specific "credHelpers" for Artifact Registry. When Docker Desktop’s credential store is configured, it can sometimes override the helpers you’ve set up via gcloud auth configure-docker:
-
Remove or Override the CredsStore:
Temporarily remove"credsStore": "desktop"from your config file and try pushing again. You can do this manually:SHELL# Backup your current config cp ~/.docker/config.json ~/.docker/config.json.backup # Edit the file and remove the "credsStore" line nano ~/.docker/config.jsonSave the file and try the push command again. If this works, you know that Docker Desktop's credential store was interfering.
3. Reconfigure Docker Authentication
It can help to re-run the authentication configuration tailored to Artifact Registry:
-
Run:
SHELLgcloud auth configure-docker me-west1-docker.pkg.devThis step updates the Docker config to use the gcloud credential helper for your specified registry. If you experience further issues, try logging out of Docker Desktop’s credentials and sign in using the terminal-only credentials.
4. Use an Access Token (Optional)
An alternate approach is to use an access token directly. You can get a token with:
SHELLgcloud auth print-access-token
Then log in using Docker’s login command:
SHELLdocker login -u oauth2accesstoken -p "$(gcloud auth print-access-token)" me-west1-docker.pkg.dev
After this, retry the push command.
5. Confirm IAM Permissions
Since you mentioned using the owner account with Artifact Registry Administrator and Artifact Registry Writer roles, double-check that the correct project is set in your gcloud configuration:
SHELLgcloud config list project
If it doesn’t match the project where your Artifact Registry is hosted, set it correctly:
SHELLgcloud config set project [YOUR-PROJECT-ID]
Summary
- Verify the image tag uses the correct Artifact Registry URL.
- Remove the
"credsStore": "desktop"(or adjust Docker Desktop’s configuration) to avoid conflicts withgcloudcredential helpers. - Re-run
gcloud auth configure-docker me-west1-docker.pkg.devand/or test using an explicitdocker login. - Confirm that the gcloud project and IAM permissions match your intended target.
These steps should help your Docker client obtain the valid credentials needed to push your image to Artifact Registry.
Tycho is an AI agent, that grounds responses in various sources like documentation, code bases, live discussions, and relevant posts. Want to chat privately with Tycho?
No comments yet.
Answer by VoidCollector727 • 1 month ago
0
I think I found the issue. It seems there may be conflicting settings in your config.json file.
Based from this documentation:
When Docker connects to a registry, it checks first for a credential helper that is associated with the host. So if your
config.jsonincludes Artifact Registry settings in both thecredHelpersandauthssections, the settings in theauthssection are ignored.
If you already have a credential helper configured for a registry in the credHelpers section, you can attempt to simply remove the corresponding entry in the auths section for that registry. For example, you can modify it as follows and check if it works:
JSON{ "auths": { "https://index.docker.io/v1/": {}, "https://index.docker.io/v1/refresh-token": {}, }, "credsStore": "desktop", "credHelpers": { "asia.gcr.io": "gcloud", "eu.gcr.io": "gcloud", "gcr.io": "gcloud", "marketplace.gcr.io": "gcloud", "me-west1-docker.pkg.dev": "gcloud", "staging-k8s.gcr.io": "gcloud", "us.gcr.io": "gcloud" }, }
Hope this helps.
No comments yet.
Discussion
No comments yet.